This invention relates to the distribution and controlled use of software products, and is particularly concerned with what is becoming known as software rental. The term xe2x80x9csoftware productxe2x80x9d is used herein to embrace computer programs and control processes generally.
Many procedures have been proposed and used for distribution of software products with sale of a license to use the software product, while attempting to retain control over unauthorized distribution and use of the software product. These procedures, and some of their disadvantages, include:
(i) retail sales of software product packages, involving high distribution costs in an inefficient process with a large element of risk, and low return on investment which is further reduced by unauthorized copying;
(ii) copy protection schemes which attempt to make copying difficult, but typically do not prevent copying by technically sophisticated people and reduce the usefulness of the software product to authorized people;
(iii) shareware, in which typically a subset of the software product is available for a trial period on an honour system, and there is no enforcement of the implied license;
(iv) hardware add-ons, in which use of the software product is dependent upon a physical device the most common of which is referred to as a dongel; the dongel is easily lost or broken, its use may interfere with other normal operations and is inconvenient, and the software product is open to copying by people with software knowledge who can create hardware-independent unauthorized copies of the software product; and
(v) enforced registration, in which the software is serialized and only runs after a user performs a registration procedure, which may use cryptography, to bind. an authorized user to a copy of the software product and help distributors locate sources of unauthorized copies; again the software product is open to copying by people with software knowledge who can create unauthorized copies bypassing the registration requirement.
These approaches do not satisfy desires for an effective method of distributing and controlling use of software products. These desires include low cost distribution of the software product without dependence on physical devices, protection of the software product from unauthorized use even by technically sophisticated people, transparency of the method to the user in operation of the software product, especially avoiding noticeable slowing of the speed of execution of the software product, applicability of the method to both new and existing software products, and an ability to provide and enforce a wide variety of business relationships with users (e.g. one-time, limited-time, and long-term use of the software product).
In Hornbuckle U.S. Pat. No. 5,388,211, issued Feb. 7, 1995 and entitled xe2x80x9cMethod And Apparatus For Remotely Controlling And Monitoring The Use Of Computer Softwarexe2x80x9d, there is described a software rental arrangement in which software is downloaded to a target computer from a host computer via a remote control module (RCM) which cooperates with the target computer to decrypt an encrypted key module which is critical to operation of the software. In this case the RCM constitutes a hardware add-on with disadvantages such as those described above, the arrangement having the further disadvantage of requiring changes to the operating system of the target computer, which makes the arrangement impractical.
An object of this invention is to provide an improved arrangement for the distribution and controlled use of software products.
According to one aspect, this invention provides a method of controlling use of a software product, comprising the steps of: obscuring a control thread in the software product; adding to the software product software for recovering the control thread for an authorized subscriber; and supplying to an authorized subscriber information to enable the added software, during execution of the software product, to recover the obscured control thread in a manner that is dependent upon the environment of the authorized subscriber.
The step of supplying said information to an authorized subscriber can comprise the steps of obtaining from the authorized subscriber local data dependent upon the environment of the authorized subscriber, encoding information relating to the obscured control thread in dependence upon the local data, and supplying the encoded information to the authorized subscriber. The encoding can also be dependent upon information derived from the added software for recovering the obscured control thread, and the added software can incorporate arbitrary (e.g. random) data so that decoding is dependent upon the integrity of the added software.
The software for recovering the control thread for an authorized subscriber can include redirection software responsive to said information to determine target addresses of calls to relocatable subroutines during execution of the software product, and the step of obscuring a control thread in the software product can comprise replacing calls to said relocatable subroutines by calls to the redirection software. The redirection software can be added to the software product in the step of adding software for recovering the control thread for an authorized subscriber, or it can be supplied to the authorized subscriber separately from the software product.
Another aspect of the invention provides a method of controlling use of a software product, comprising the steps of: replacing calls to relocatable subroutines in the software product by calls to redirection software; adding authorizing software to the software product, and modifying the software product to execute the authorizing software on execution of the modified software product; storing information relating to the replaced calls and the authorizing software for use by an authorization agent; in response to execution of the software product, and hence the authorizing software, by a subscriber to be authorized, communicating to the authorization agent local data dependent upon an environment in which the software is executed; in response to the local data being received by the authorization agent for an authorized subscriber, encoding the stored information relating to the replaced calls in dependence upon the local data and the authorizing software, and supplying the encoded information to the subscriber; and at the authorized subscriber, executing the software product with the replaced calls to the redirection software, the redirection software determining target addresses for the replaced calls during execution of the software product in dependence upon the encoded information, the local data, and the authorizing software.
Again, the redirection software can be either added to the software product with the authorizing software or supplied to the authorized subscriber in response to execution of the authorizing software. The step of replacing calls to relocatable subroutines in the software product by calls to redirection software can comprise the steps of overwriting the calls with arbitrary (e.g. random) data, and replacing the overwritten calls by calls to the redirection software in response to information supplied to the authorized subscriber in response to execution of the authorizing software. Arbitrary data can also be included in the authorizing software.
In a particular embodiment of the invention described in detail below, the step of encoding the stored information relating to the replaced calls in dependence upon the local data and the authorizing software comprises the step of, for each replaced call, determining a hash number H dependent upon a calling address in the stored information, the local data, and a hash of the authorizing software, and further comprises the steps of, for each replaced call, storing information for identifying a target address for the call in a table of length N at an offset into the table of H mod K, where K is equal to H div N. The information stored in the table is then conveniently produced by an exclusive-or combination of the respective target address with the respective value K.
A further aspect of the invention provides a method of modifying a software product for controlled use, comprising the steps of:
producing a distributable software product by replacing in the software product calls to relocatable subroutines by calls to redirection software, and adding authorizing software for execution on execution of the distributable software product to communicate with an authorization agent to authorize a subscriber for controlled use of the distributable software product and to provide information necessary for the redirection software to determine only during execution, in dependence upon local data relating to the authorized subscriber, a target address for each replaced call; and
storing for use by the authorization agent information relating to the replaced calls to enable the authorization agent to provide said information, necessary for the redirection software to determine a target address for each replaced call, to the authorized subscriber encoded in a manner dependent upon local data supplied by the subscriber.
The redirection software can be included in the distributable software product or stored for use by the authorization agent and supplied to the authorized subscriber during execution of the authorizing software. In either case the encoding by the authorization agent of said information, necessary for the redirection software to determine a target address for each replaced call, is preferably also dependent upon the authorizing software.